On Fri, Apr 20, 2012 at 2:22 PM, Wassim Zaarour <wassim.zaarour@navlink.com> wrote:
On 4/20/12 10:15 AM, "Fajar A. Nugraha" <list@fajar.net> wrote:
Long version: MSCHAPv2 (which also means PEAP-MSCHAPv2) needs either: - Cleartext-Password or NT-Hash available (in LDAP, sql, users file whatever), OR - an active directory
If you don't have either, then it won't work.
Hi Farja,
Passwords are stored as clear text in my LDAP, that should make MSCHAPv2 work right?
Yes, if FR can find them. This part of the log says it can't: [ldap] performing search in o=navbey.com, dc=navbey,dc=com, with filter (uid=pk) [ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? You might need to play around with the user used to login to LDAP, as some systems only give out passwords to admin accounts. Testing manual LDAP lookup using command line tool (e.g. ldapsearch) helps. If you CAN get your ldap server to return cleartext password with ldapsearch, then you should be able to configure FR to get that as well. -- Fajar